03-24-2008, 05:59 PM   #1
Registered User
 
Join Date: Mar 2008
Posts: 68
OS: windows xp home edition version 2002


Problems with SpyAxe

I am having problems with SpyAxe. I looked at the thread that had all the fixes for this, and I am still having trouble. I have no trouble downloading SmitFraudFix and running it in Safe Mode. When I download AVG Anti-Spyware and install it, it will not run. I am guessing it won't run because of the virus. I have been trying to fix this for weeks and I was referred to your website. I'm not that great with computers, so if you have any suggestions or can tell me what I'm doing wrong, could you explain in detail? Here is the rapport.txt from when I ran SmitFraudFix.
Thanks


SmitFraudFix v2.308

Scan done at 17:56:00.84, Mon 03/24/2008
Run from C:\Documents and Settings\Brad\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\WINDOWS\Installer\{caee88e6-8953-4cf0-8f19-c4d622cfeaf5}\CDWin.dll deleted


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\tmp???????.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B0AB4E41-CA70-4381-A067-004A420F8387}: DhcpNameServer=207.241.128.2 207.241.129.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B0AB4E41-CA70-4381-A067-004A420F8387}: DhcpNameServer=207.241.128.2 207.241.129.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B0AB4E41-CA70-4381-A067-004A420F8387}: DhcpNameServer=207.241.128.2 207.241.129.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=207.241.128.2 207.241.129.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=207.241.128.2 207.241.129.2
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=207.241.128.2 207.241.129.2


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
B_rad21 is offline  
03-26-2008, 10:45 PM   #2
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,564
OS: 2000 Pro; XP Pro; XP Home


Re: Problems with SpyAxe

Hello and Welcome.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

If you still require assistance for this issue, and since it has been a few days since you first posted, please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt <- this one will be maximized, and extra.txt <- this one will be minimized.
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------

Thank you.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
03-27-2008, 07:17 PM   #3
Registered User
 
Join Date: Mar 2008
Posts: 68
OS: windows xp home edition version 2002


Re: Problems with SpyAxe

Deckard's System Scanner v20071014.68
Run by Brad on 2008-03-27 21:05:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
22: 2008-03-28 0105 UTC - RP619 - Deckard's System Scanner Restore Point
21: 2008-03-27 15:16:33 UTC - RP618 - System Checkpoint
20: 2008-03-26 14:57:44 UTC - RP617 - System Checkpoint
19: 2008-03-24 03:36:59 UTC - RP616 - Installed Age of Empires III
18: 2008-03-24 03:14:59 UTC - RP615 - Installed Java(TM) 6 Update 5


-- First Restore Point --
1: 2008-03-10 04:51:40 UTC - RP598 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-27 21:09:02
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\STSYSTRA.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\khrgaxru.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Brad\Desktop\dss(2).exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\alg.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
O2 - BHO: (no name) - {064A610C-5408-41E3-8852-972F8258F4AF} - (no file)
O2 - BHO: (no name) - {6199736D-1238-4F6A-A6C4-123149013B03} - (no file)
O2 - BHO: (no name) - {6F04D3E5-E1EA-4E4D-BD58-D96C79517D25} - (no file)
O2 - BHO: (no name) - {73766CFC-EEA4-45AC-871F-93282675B2FB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7DA166E7-4567-470A-AD85-7D36F78FC692} - (no file)
O2 - BHO: (no name) - {90b62f39-86ef-4c57-bd4f-18b48915f6f3} - (no file)
O2 - BHO: (no name) - {A560211A-3DA7-4C78-AAC2-226FA67B0BC8} - (no file)
O2 - BHO: (no name) - {D5628C76-482C-42AA-A33B-6808752C4C6A} - (no file)
O2 - BHO: (no name) - {DC07DD93-4091-4212-AFF4-AF441F1A3D56} - (no file)
O2 - BHO: (no name) - {EB2BBB81-FE3F-4255-8E96-1E8AD3879FDE} - (no file)
O2 - BHO: (no name) - {EF4BFE71-6B5A-4B31-AAB7-E91D501E070C} - (no file)
O2 - BHO: (no name) - {F026E557-BFFA-41EF-B8DA-404B2C19125F} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: (no name) - {3F5A62E2-51F2-11D3-A075-CC7364CAE42A} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [khrgaxru] C:\WINDOWS\system32\khrgaxru.exe
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvmod.dll,startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvvoz.dll,startup
O4 - HKLM\..\Run: [BMc7613a74] Rundll32.exe "C:\WINDOWS\system32\palrcarm.dll",s
O4 - HKLM\..\Run: [c45209e8] rundll32.exe "C:\WINDOWS\system32\trjgmlwi.dll",b
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieupdates.exe"
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O20 - AppInit_DLLs: cru629.dat
O20 - Winlogon Notify: wvuurpo - C:\WINDOWS\system32\wvuurpo.dll (file missing)
O20 - Winlogon Notify: xxyaxuu - C:\WINDOWS\system32\xxyaxuu.dll (file missing)
O21 - SSODL: CDWin - {caee88e6-8953-4cf0-8f19-c4d622cfeaf5} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


--
End of file - 11158 bytes

-- File Associations -----------------------------------------------------------

.ini - inifile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.txt - txtfile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft(R) ASPI Shell>

S3 NAL (Nal Service ) - c:\windows\system32\drivers\iqvw32.sys <Not Verified; Intel Corporation; Intel(R) iQVW32.SYS>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-24 20:00:00 554 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Brad.job
2008-03-21 10:16:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-02-27 and 2008-03-27 -----------------------------

2008-03-27 21:02:57 16384 --a------ C:\WINDOWS\system32\braviax.exe
2008-03-27 08:14:00 6656 --a------ C:\WINDOWS\system32\users32.dat
2008-03-27 08:13:49 308712 --a------ C:\WINDOWS\system32\winivstr.exe
2008-03-26 00:12:57 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-03-26 00:11:29 0 d-------- C:\Program Files\Common Files\PC Tools
2008-03-25 19:53:37 0 d-------- C:\Program Files\Spyware Doctor
2008-03-25 19:53:37 0 d-------- C:\Documents and Settings\Brad\Application Data\PC Tools
2008-03-24 17:26:37 230912 --a------ C:\WINDOWS\system32\wscmp.dll
2008-03-24 16:54:51 118784 --a------ C:\WINDOWS\system32\rxrjdzpt.dll
2008-03-24 16:54:43 15360 --a------ C:\WINDOWS\system32\drvmodr.dll
2008-03-24 16:54:43 103936 --a------ C:\WINDOWS\system32\drvmod.dll
2008-03-24 16:54:39 94208 --a------ C:\WINDOWS\system32\khrgaxru.exe
2008-03-24 12:15:29 0 d-------- C:\WINDOWS\system32\LogFiles
2008-03-13 23:32:02 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-13 23:32:02 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-13 23:32:02 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-13 23:32:02 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-13 23:32:02 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-13 23:32:02 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-13 23:32:02 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-12 12:46:20 0 d-------- C:\Program Files\LimeWire
2008-03-12 12:32:02 17307 --a------ C:\Documents and Settings\All Users\Application Data\sorosad.bat
2008-03-12 12:32:02 14672 --a------ C:\Documents and Settings\All Users\Application Data\likotenoke.sys
2008-03-12 12:32:02 13163 --a------ C:\Documents and Settings\All Users\Application Data\amacago.vbs
2008-03-11 19:17:01 0 d-------- C:\Documents and Settings\Brad\Application Data\Uniblue
2008-03-11 18:20:01 0 d-------- C:\Documents and Settings\Brad\Application Data\LimeWire
2008-03-10 20:38:47 5544 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-10 10:44:12 6144 --a------ C:\WINDOWS\system32\cru629.dat
2008-03-10 10:44:12 6144 --a------ C:\WINDOWS\cru629.dat
2008-03-09 20:05:42 0 d-------- C:\Documents and Settings\Brad\.housecall6.6
2008-03-09 19:04:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-09 18:16:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-03-09 18:16:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-03-09 18:14:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-03-09 18:14:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-03-09 18:14:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-03-09 18:14:15 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-03-09 18:14:15 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-03-09 18:14:15 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-03-09 18:14:15 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-03-09 18:14:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-03-09 18:14:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-03-09 18:14:15 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-03-09 18:14:14 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-03-09 18:14:14 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-03-09 18:14:14 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-03-09 18:14:14 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-03-09 18:14:14 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-03-09 18:14:14 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-03-09 18:14:13 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-03-09 18:14:13 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-03-09 18:14:12 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-03-09 17:20:50 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-09 16:12:31 301814 --ahs---- C:\WINDOWS\system32\llnmp.ini2
2008-03-09 16:10:29 18563 --a------ C:\WINDOWS\ixumyz.bat
2008-03-09 16:10:29 10044 --a------ C:\Program Files\Common Files\etenebadab.scr
2008-03-09 16:10:29 12186 --a------ C:\Documents and Settings\Brad\Application Data\acipowe.bin
2008-03-09 16:10:29 11835 --a------ C:\Documents and Settings\All Users\Application Data\ojunef.reg
2008-03-09 16:10:28 19250 --a------ C:\WINDOWS\system32\rupyvy.sys
2008-03-09 16:10:28 19201 --a------ C:\WINDOWS\izumu.dll
2008-03-09 16:10:28 16042 --a------ C:\Documents and Settings\Brad\Application Data\emusojyti.reg
2008-03-09 16:10:28 19971 --a------ C:\Documents and Settings\All Users\Application Data\exoqozob.bat
2008-03-09 16:05:41 58368 --a------ C:\mhyvfa.exe
2008-02-27 23:39:05 0 d-------- C:\Program Files\iPod


-- Find3M Report ---------------------------------------------------------------

2008-03-26 23:00:47 0 d-------- C:\Documents and Settings\Brad\Application Data\uTorrent
2008-03-26 00:11:29 0 d-------- C:\Program Files\Common Files
2008-03-23 23:22:15 0 d-------- C:\Program Files\Java
2008-03-23 18:26:47 0 d-------- C:\Program Files\uTorrent
2008-03-12 12:32:02 19935 --a------ C:\Program Files\Common Files\nyjutega.dl
2008-03-12 12:32:01 18856 --a------ C:\Program Files\Common Files\iranisihij.db
2008-03-11 19:42:26 0 d-------- C:\Program Files\iTunes
2008-03-11 18:15:52 0 d-------- C:\Program Files\Ares
2008-03-09 16:10:29 10411 --a------ C:\Program Files\Common Files\abexaleqyp.db
2008-02-28 19:10:00 13492 --a------ C:\Documents and Settings\Brad\Application Data\wklnhst.dat
2008-02-27 23:37:36 0 d-------- C:\Program Files\QuickTime
2008-02-17 15:50:27 0 d-------- C:\Program Files\AIM6
2008-02-15 15:45:14 0 d-------- C:\Documents and Settings\Brad\Application Data\CyberLink
2008-02-13 12:54:14 0 d-------- C:\Documents and Settings\Brad\Application Data\Adobe
2008-02-11 20:59:39 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-09 15:53:28 0 d-------- C:\Program Files\DivX
2008-02-01 03:52:06 0 d-------- C:\Program Files\Activision
2008-02-01 03:28:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-31 12:38:36 0 d-------- C:\Program Files\Microsoft Games
2008-01-04 17:58:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 17:57:22 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-04 17:57:22 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-04 17:57:12 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 17:57:10 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 17:57:10 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 17:57:10 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 17:56:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-27 19:42:54 664 --a------ C:\WINDOWS\system32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{064A610C-5408-41E3-8852-972F8258F4AF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6199736D-1238-4F6A-A6C4-123149013B03}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F04D3E5-E1EA-4E4D-BD58-D96C79517D25}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73766CFC-EEA4-45AC-871F-93282675B2FB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7DA166E7-4567-470A-AD85-7D36F78FC692}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90b62f39-86ef-4c57-bd4f-18b48915f6f3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A560211A-3DA7-4C78-AAC2-226FA67B0BC8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5628C76-482C-42AA-A33B-6808752C4C6A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC07DD93-4091-4212-AFF4-AF441F1A3D56}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB2BBB81-FE3F-4255-8E96-1E8AD3879FDE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF4BFE71-6B5A-4B31-AAB7-E91D501E070C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F026E557-BFFA-41EF-B8DA-404B2C19125F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [04/06/2005 03:22 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [04/06/2005 03:19 AM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [04/06/2005 03:23 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"SigmatelSysTrayApp"="stsystra.exe" [03/23/2005 12:20 AM C:\WINDOWS\STSYSTRA.EXE]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 09:12 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 05:19 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 02:05 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 05:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 05:50 PM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [01/27/2005 02:02 AM]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 11:32 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 01:59 AM]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [01/14/2007 03:11 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [11/28/2007 08:51 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [07/26/2007 12:13 PM]
"nwiz"="nwiz.exe" [07/26/2007 12:13 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [07/26/2007 12:13 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
"khrgaxru"="C:\WINDOWS\system32\khrgaxru.exe" [03/24/2008 04:54 PM]
"MSDrive"="C:\WINDOWS\system32\drvmod.dll" [03/24/2008 04:54 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [02/01/2008 12:55 PM]
"MSDisp32"="C:\WINDOWS\system32\drvvoz.dll" []
"BMc7613a74"="C:\WINDOWS\system32\palrcarm.dll" []
"c45209e8"="C:\WINDOWS\system32\trjgmlwi.dll" []
"braviax"="braviax.exe" [03/27/2008 09:02 PM C:\WINDOWS\system32\braviax.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 12:15 PM]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"ieupdate"="C:\WINDOWS\system32\ieupdates.exe" []
"braviax"="C:\WINDOWS\system32\braviax.exe" [03/27/2008 09:02 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [8/26/2005 12:51:30 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuurpo]
wvuurpo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyaxuu]
xxyaxuu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=cru629.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnll.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1349adcc-9877-11db-9d60-00038a000015}]
AutoRun\command- F:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-03-27 21:10:13 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of Memory in Use: 31%
Physical Memory (total/avail): 1790.07 MiB / 1229.4 MiB
Pagefile Memory (total/avail): 2778.35 MiB / 2229.05 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.68 MiB

C: is Fixed (NTFS) - 70.38 GiB total, 42.94 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800JD-75LSA0 - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 70.38 GiB - C:
\PARTITION2 - Unknown - 4.08 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

FW: Norton AntiVirus v2007 (Symantec Corporation)
AV: Spyware Doctor with AntiVirus v4.4.5 (PC Tools)
AV: Norton AntiVirus v2007 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1161129985\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1161129985\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1161129985\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1161129985\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe:*:Enabled:Age of Empires II"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Documents and Settings\\Brad\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Brad\\Desktop\\utorrent.exe:*:Enabled:utorrent"
"C:\\Program Files\\Azureus\\Stuff\\Azureus.exe"="C:\\Program Files\\Azureus\\Stuff\\Azureus.exe:*:Enabled:Azureus"
"C:\\Documents and Settings\\Brad\\My Documents\\Azureus.exe"="C:\\Documents and Settings\\Brad\\My Documents\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\uTorrent\\CoD2\\CoD2MP_s.exe"="C:\\Program Files\\uTorrent\\CoD2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\DOCUME~1\\Brad\\LOCALS~1\\Temp\\win18C.exe"="C:\\DOCUME~1\\Brad\\LOCALS~1\\Temp\\win18C.exe:*:Enabled:win18C"
"C:\\WINDOWS\\TEMP\\win62.exe"="C:\\WINDOWS\\TEMP\\win62.exe:*:Enabled:win62"
"C:\\WINDOWS\\TEMP\\win12.exe"="C:\\WINDOWS\\TEMP\\win12.exe:*:Enabled:win12"
"C:\\WINDOWS\\TEMP\\win1B7.exe"="C:\\WINDOWS\\TEMP\\win1B7.exe:*:Enabled:win1B7"
"C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\BfVietnam.exe"="C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\BfVietnam.exe:*:Disabled:BfVietnam"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Brad\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=D249Q981
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Brad
LOGONSERVER=\\D249Q981
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Brad\LOCALS~1\Temp
TMP=C:\DOCUME~1\Brad\LOCALS~1\Temp
USERDOMAIN=D249Q981
USERNAME=Brad
USERPROFILE=C:\Documents and Settings\Brad
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Brad (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOL Coach Version 1.0(Build:20040229.1 en) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Connectivity Services --> C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\Setup.exe" -l0x9
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience --> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Picture Studio v3.0 --> MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}
Dell Support 3.1 --> MsiExec.exe /X{548EEA8E-8299-497F-8057-811D2D7097DC}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EPSON CX5000 Series User's Guide --> C:\Program Files\epson\guide\cx5000_e\uninstall.exe
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Stylus CX5000 Scanner Driver Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}\Setup.exe" -l0x9
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel(R) 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel(R) 537EP V9x DF PCI Modem"
Intel(R) Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
Intel(R) PRO Network Connections Software v9.2.4.11 --> C:\Program Files\Intel\DMIX\uninst\DxSetup.exe /x /qr /le C:\DOCUME~1\Owner\LOCALS~1\Temp\PROSetDX\DMIX\\DxUninst.log
Intel(R) PROSafe for Wired Connections --> MsiExec.exe /I{36BD0774-6CD6-4FF9-A148-83CA09AC123E}
Intel(R) PROSafe for Wired Connections --> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Jasc Paint Shop Photo Album 5 --> MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC}
Jasc Paint Shop Pro Studio, Dell Editon --> MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch --> C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\PAINTS~1\INSTALL.LOG
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Encyclopedia Standard 2005 --> MsiExec.exe /I{05410044-64A6-4248-A026-9745C1E9E159}
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Picture It! Premium 10 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Streets and Trips 2005 --> MsiExec.exe /I{67E4EE98-59F4-4210-89A6-A20AF5BEC689}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Microsoft Works 2005 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2005\Setup\Launcher.exe /ARP D:\
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}
Modem Event Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MyWay Search Assistant --> MsiExec.exe /X{E7559288-223B-453C-9F06-340E3BE21E39}
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton AntiVirus (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_2_0_29\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe" /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Photo Click --> MsiExec.exe /I{6E179C77-7335-458D-9537-4F4EAC0181ED}
PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Viewpoint Toolbar --> C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\Uninstaller.exe /u /k /url "http://www.viewpoint.com/pub/uninstallcompleted.html"
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}


-- Application Event Log -------------------------------------------------------

Event Record #/Type19553 / Error
Event Submitted/Written: 03/26/2008 10:57:10 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application TeaTimer.exe, version 1.5.2.16, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type19552 / Error
Event Submitted/Written: 03/26/2008 10:57:09 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application TeaTimer.exe, version 1.5.2.16, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type19551 / Error
Event Submitted/Written: 03/26/2008 10:30:12 AM
Event ID/Source: 2001 / Microsoft Office 10
Event Description:
Rejected Safe Mode action : Microsoft Word.

Event Record #/Type19547 / Error
Event Submitted/Written: 03/26/2008 02:08:01 AM
Event ID/Source: 2001 / Microsoft Office 10
Event Description:
Rejected Safe Mode action : Microsoft Word.

Event Record #/Type19546 / Error
Event Submitted/Written: 03/26/2008 02:04:54 AM
Event ID/Source: 2001 / Microsoft Office 10
Event Description:
Rejected Safe Mode action : Microsoft Word.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type38291 / Error
Event Submitted/Written: 03/27/2008 09:08:14 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the service.

Event Record #/Type38287 / Error
Event Submitted/Written: 03/27/2008 09:07:44 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The PC Tools Security Service service hung on starting.

Event Record #/Type38286 / Error
Event Submitted/Written: 03/27/2008 09:04:46 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

Event Record #/Type38284 / Error
Event Submitted/Written: 03/27/2008 09:04:46 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the Symantec Lic NetConnect service service to connect.

Event Record #/Type38283 / Error
Event Submitted/Written: 03/27/2008 09:04:46 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Automatic LiveUpdate Scheduler service failed to start due to the following error:
%%1053



-- End of Deckard's System Scanner: finished at 2008-03-27 21:10:13 ------------
Attached Files
File Type: txt main.txt (26.6 KB, 2 views)

Last edited by tetonbob; 03-27-2008 at 07:19 PM.
B_rad21 is offline  
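The Run-key listing and the firewall exception list in the DSS log above are what the helper reads by eye to pick out entries such as khrgaxru.exe or the win*.exe exceptions sitting in Temp directories. As an added example (it is not from this thread and is not part of DSS or ComboFix), the Python script below parses a constructed excerpt in the same DSS output format and scores each autorun and firewall exception on a few defender-side indicators: the file was written within a week of the scan, DSS could not stamp the file (empty brackets), the name looks machine-generated, or the path is under a Temp directory. The weights, threshold, indicator rules and the sample text are my own assumptions. The score is a triage heuristic, not a verdict: KernelFaultCheck (a legitimate Windows entry that also shows empty brackets) stays below the threshold, but so does drvvoz.dll, which the helper in this thread would still remove.

```python
import re
import ntpath
from datetime import datetime, date

# Constructed sample in the Deckard's System Scanner (DSS) format used in the thread:
# a Run-key listing, a firewall exception list and the scanner's closing line.
SAMPLE_DSS = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [07/26/2007 12:13 PM]
"nwiz"="nwiz.exe" [07/26/2007 12:13 PM C:\WINDOWS\system32\nwiz.exe]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
"khrgaxru"="C:\WINDOWS\system32\khrgaxru.exe" [03/24/2008 04:54 PM]
"MSDrive"="C:\WINDOWS\system32\drvmod.dll" [03/24/2008 04:54 PM]
"MSDisp32"="C:\WINDOWS\system32\drvvoz.dll" []
"c45209e8"="C:\WINDOWS\system32\trjgmlwi.dll" []
"braviax"="braviax.exe" [03/27/2008 09:02 PM C:\WINDOWS\system32\braviax.exe]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\DOCUME~1\\Brad\\LOCALS~1\\Temp\\win18C.exe"="C:\\DOCUME~1\\Brad\\LOCALS~1\\Temp\\win18C.exe:*:Enabled:win18C"
"C:\\WINDOWS\\TEMP\\win62.exe"="C:\\WINDOWS\\TEMP\\win62.exe:*:Enabled:win62"

-- End of Deckard's System Scanner: finished at 2008-03-27 21:10:13 ------------
'''

RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
FW_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<rest>[^"]+)"$')
TS_RE = re.compile(r'^\d{2}/\d{2}/\d{4} \d{2}:\d{2} [AP]M')
END_RE = re.compile(r'finished at (\d{4}-\d{2}-\d{2})')
TEMP_RE = re.compile(r'\\(temp|locals~1)\\', re.IGNORECASE)

# Assumed weights and threshold; tune against a known-good baseline before relying on them.
WEIGHTS = {'recent_file': 2, 'temp_path': 2, 'no_timestamp': 1, 'random_name': 1}
RECENT_DAYS = 7
THRESHOLD = 2


def _stem(path):
    # Last path component, minus any arguments ("dumprep 0 -k") and the extension.
    base = ntpath.basename(path).split(' ')[0]
    return ntpath.splitext(base)[0]


def _looks_random(stem):
    # 7-8 lowercase letters with few vowels, e.g. "khrgaxru"; "braviax" does not match.
    if not re.fullmatch(r'[a-z]{7,8}', stem):
        return False
    return sum(c in 'aeiou' for c in stem) / len(stem) <= 0.25


def parse_dss(text):
    """Return (scan_date, entries); each entry is a dict with kind, name, path, timestamp."""
    scan_date, entries, section = None, [], ''
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('['):
            section = line
            continue
        m = END_RE.search(line)
        if m:
            scan_date = date.fromisoformat(m.group(1))
            continue
        if section.endswith('\\Run]'):
            m = RUN_RE.match(line)
            if not m:
                continue
            meta = m.group('meta').strip()
            ts = TS_RE.match(meta)
            # DSS prints the resolved path after the timestamp when the value is a bare file name.
            resolved = meta[ts.end():].strip() if ts else ''
            entries.append({'kind': 'run', 'name': m.group('name'),
                            'path': resolved or m.group('value'),
                            'timestamp': datetime.strptime(ts.group(0), '%m/%d/%Y %I:%M %p') if ts else None})
        elif 'FirewallPolicy' in section:
            m = FW_RE.match(line)
            if not m:
                continue
            # Value format: <path>:*:<Enabled|Disabled>:<label>; the path itself contains "C:".
            path, _, status, label = m.group('rest').replace('\\\\', '\\').rsplit(':', 3)
            entries.append({'kind': 'firewall', 'name': label, 'path': path,
                            'timestamp': None, 'status': status})
    return scan_date, entries


def score(entry, scan_date):
    """Return (total, indicator names) for one autorun or firewall entry."""
    hits = []
    ts = entry['timestamp']
    if entry['kind'] == 'run' and ts is None:
        hits.append('no_timestamp')
    if ts is not None and scan_date and 0 <= (scan_date - ts.date()).days <= RECENT_DAYS:
        hits.append('recent_file')
    if TEMP_RE.search(entry['path']):
        hits.append('temp_path')
    if _looks_random(_stem(entry['path'])):
        hits.append('random_name')
    return sum(WEIGHTS[h] for h in hits), hits


def triage(text, threshold=THRESHOLD):
    """Return [(name, path, total, hits)] for entries at or above the threshold, in log order."""
    scan_date, entries = parse_dss(text)
    flagged = []
    for e in entries:
        total, hits = score(e, scan_date)
        if total >= threshold:
            flagged.append((e['name'], e['path'], total, hits))
    return flagged


if __name__ == '__main__':
    for name, path, total, hits in triage(SAMPLE_DSS):
        print(f'{total}  {name:18} {path}  ({", ".join(hits)})')
```

Running the file prints the six entries that clear the threshold (khrgaxru, MSDrive, c45209e8, braviax, win18C and win62). Against a real main.txt you would feed the whole file in and then compare every flagged path with a known-good baseline of the machine's software rather than act on the score alone.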
Old 03-27-2008, 07:31 PM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,564
OS: 2000 Pro; XP Pro; XP Home


Re: Problems with SpyAxe

You've got more going on here than SmitfraudFix will take care of.

Norton 2007 shows up as outdated. Is the subscription expired?

Spyware Doctor also has an AntiVirus component, and having more than one AntiVirus installed is not good for a machine; it can cause system hangs and slowdowns.

If you plan on keeping the Spyware Doctor suite, you should completely uninstall Norton.

Please use the instructions on this page to completely uninstall your Norton Products.

==========================================

Run DSS again, using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK

"%userprofile%\desktop\dss(2).exe" /daft

Click on Scan.

Tick the boxes which should appear for these entries:

.ini - inifile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.txt - txtfile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1


then Click on Fix

Click Scan again; you should get the message "All Associations OK!". Next, click Save Log and post this log in your next reply.

Next......

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode. This allows us to help you in the case that your computer has a problem after an attempted removal of malware.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

If you have any questions along the way, STOP and ask them before proceeding.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 03-30-2008, 02:45 PM   #5 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 68
OS: windows xp home edition version 2002


Re: Problems with SpyAxe

I uninstalled my Norton. Should I also uninstall Spybot and Ad-Aware SE? The big problem I had with Combofix was that when I downloaded the Windows Recovery Console (I had to download it from the website because I cannot find my Windows CD) and dragged it over to the Combofix icon and double-clicked it, nothing happened, and I did not touch my computer for an hour. Is there something I am not doing right? Did I miss a step, or is something stopping me from running Combofix?
B_rad21 is offline  
Old 03-30-2008, 02:52 PM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,564
OS: 2000 Pro; XP Pro; XP Home


Re: Problems with SpyAxe

Quote:
should I also uninstall Spybot and Ad-Aware Se
No, though at some point you may want to make sure you have the most recent versions. Spybot is at version 1.5, and Ad-Aware is now Ad-Aware 2007.

Wait until we've cleared the infections to do that.

It may be that your protection applications were preventing ComboFix from working. It should only take a few minutes at the Recovery Console stage.

Disable Spyware Doctor, and try again.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 03-30-2008, 02:55 PM   #7 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,564
OS: 2000 Pro; XP Pro; XP Home


Re: Problems with SpyAxe

Quote:
I dragged it over to the Combofix icon and double-clicked it...
The Recovery Console installation only requires that you drag the package onto ComboFix.exe

There should be no double clicking going on in that stage.

Is ComboFix window still open?
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 03-31-2008, 09:47 AM   #8 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 68
OS: windows xp home edition version 2002


Re: Problems with SpyAxe

I meant that I dragged the Windows pack icon over the Combofix.exe icon. It is still not working; I disabled everything on Spyware Doctor and even turned off my Windows Firewall, but still nothing is happening.
B_rad21 is offline  
Old 03-31-2008, 09:51 AM   #9 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,564
OS: 2000 Pro; XP Pro; XP Home


Re: Problems with SpyAxe

Delete your existing version of ComboFix.

Then, use this method to download a new version.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3





--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.
Note:
Do not mouse-click ComboFix's window while it's running; that may cause it to stall.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 03-31-2008, 09:52 AM   #10 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 68
OS: windows xp home edition version 2002


Re: Problems with SpyAxe

When I went to the Windows website to pick the Recovery Pack, there were two options for Service Pack 2. I will list my system information below the links to Microsoft.

http://www.microsoft.com/downloads/d...displaylang=en

http://www.microsoft.com/downloads/d...displaylang=en

Microsoft Windows XP
Home Edition
Version 2002
Service Pack 2
B_rad21 is offline  
Old 03-31-2008, 10:22 AM   #11 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,564
OS: 2000 Pro; XP Pro; XP Home


Re: Problems with SpyAxe

You want the one for Windows XP Home, Service Pack 2

http://www.microsoft.com/downloads/d...displaylang=en
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 03-31-2008, 06:41 PM   #12 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 68
OS: windows xp home edition version 2002


Re: Problems with SpyAxe

ComboFix 08-03-30.4 - Brad 2008-03-31 20:30:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1411 [GMT -4:00]
Running from: C:\Documents and Settings\Brad\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dllcache\beep.sys
C:\WINDOWS\system32\drivers\beep.sys
C:\WINDOWS\BMc7613a74.xml
C:\WINDOWS\braviax.exe
C:\WINDOWS\cru629.dat
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cru629.dat
C:\WINDOWS\system32\drvmodr.dll
C:\WINDOWS\system32\llnmp.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mfqrxuei.ini
C:\WINDOWS\system32\users32.dat
C:\WINDOWS\system32\winivstr.exe
C:\WINDOWS\system32\wscmp.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-01 to 2008-04-01 )))))))))))))))))))))))))))))))
.

2008-03-31 20:19 . 2008-03-31 20:19 60 --a------ C:\WINDOWS\system32\ikhcore.cfg
2008-03-27 21:05 . 2008-03-27 21:05 <DIR> d-------- C:\Deckard
2008-03-26 00:12 . 2008-03-26 00:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-03-26 00:12 . 2008-03-26 00:11 159,112 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-03-26 00:11 . 2008-03-26 00:12 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-03-25 19:53 . 2008-03-31 20:19 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-25 19:53 . 2008-03-25 19:53 <DIR> d-------- C:\Documents and Settings\Brad\Application Data\PC Tools
2008-03-25 19:53 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-25 19:53 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-25 19:53 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-25 19:53 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-25 15:33 . 2008-03-26 00:15 1,564,219 ---hs---- C:\WINDOWS\system32\iwlmgjrt.ini
2008-03-24 17:24 . 2008-03-24 17:41 3,262 --a------ C:\WINDOWS\system32\sex2.ico
2008-03-24 17:23 . 2008-03-24 17:41 3,262 --a------ C:\WINDOWS\system32\sex1.ico
2008-03-24 16:54 . 2008-03-24 16:54 118,784 --a------ C:\WINDOWS\system32\rxrjdzpt.dll
2008-03-24 16:54 . 2008-03-24 16:54 103,936 --a------ C:\WINDOWS\system32\drvmod.dll
2008-03-24 16:54 . 2008-03-24 16:54 94,208 --a------ C:\WINDOWS\system32\khrgaxru.exe
2008-03-24 15:34 . 2008-03-25 08:13 1,488,400 ---hs---- C:\WINDOWS\system32\hbacyxyt.ini
2008-03-24 12:15 . 2008-03-24 12:15 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-23 15:28 . 2008-03-24 15:29 1,511,155 ---hs---- C:\WINDOWS\system32\ekgtnjrg.ini
2008-03-20 12:29 . 2008-03-23 15:26 1,453,142 ---hs---- C:\WINDOWS\system32\qdnlkbjt.ini
2008-03-19 12:28 . 2008-03-20 12:29 1,459,683 ---hs---- C:\WINDOWS\system32\vvjnvstu.ini
2008-03-18 12:24 . 2008-03-19 12:25 1,545,177 ---hs---- C:\WINDOWS\system32\pakfhitn.ini
2008-03-16 12:24 . 2008-03-17 12:25 1,426,022 ---hs---- C:\WINDOWS\system32\fxvfpdks.ini
2008-03-15 11:23 . 2008-03-16 12:19 1,328,573 ---hs---- C:\WINDOWS\system32\niftfsqo.ini
2008-03-14 11:23 . 2008-03-14 11:24 1,322,821 ---hs---- C:\WINDOWS\system32\kvofsafv.ini
2008-03-13 23:32 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-13 23:32 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-13 23:32 . 2008-03-09 01:15 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-13 23:32 . 2008-03-05 22:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-13 23:32 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-13 23:32 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-13 23:32 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-13 11:19 . 2008-03-14 11:19 1,363,137 ---hs---- C:\WINDOWS\system32\prrevaoe.ini
2008-03-12 12:46 . 2008-03-12 12:50 <DIR> d-------- C:\Program Files\LimeWire
2008-03-12 12:32 . 2008-03-12 12:32 18,615 --a------ C:\WINDOWS\xela.db
2008-03-12 12:32 . 2008-03-12 12:32 17,307 --a------ C:\Documents and Settings\All Users\Application Data\sorosad.bat
2008-03-12 12:32 . 2008-03-12 12:32 17,005 --a------ C:\WINDOWS\system32\esut.inf
2008-03-12 12:32 . 2008-03-12 12:32 15,287 --a------ C:\WINDOWS\inogyfyw.inf
2008-03-12 12:32 . 2008-03-12 12:32 14,672 --a------ C:\Documents and Settings\All Users\Application Data\likotenoke.sys
2008-03-12 12:32 . 2008-03-12 12:32 13,163 --a------ C:\Documents and Settings\All Users\Application Data\amacago.vbs
2008-03-12 12:32 . 2008-03-12 12:32 12,787 --a------ C:\WINDOWS\system32\edobymix.ban
2008-03-12 11:14 . 2008-03-12 11:14 206 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-12 11:12 . 2008-03-13 11:13 1,345,690 ---hs---- C:\WINDOWS\system32\telrgdcg.ini
2008-03-11 19:17 . 2008-03-11 19:17 <DIR> d-------- C:\Documents and Settings\Brad\Application Data\Uniblue
2008-03-11 18:20 . 2008-03-28 14:53 <DIR> d-------- C:\Documents and Settings\Brad\Application Data\LimeWire
2008-03-11 10:50 . 2008-03-12 11:10 1,321,235 ---hs---- C:\WINDOWS\system32\pvkflxdu.ini
2008-03-10 20:38 . 2008-03-24 17:56 5,544 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-10 10:51 . 2008-03-11 08:11 1,254 ---hs---- C:\WINDOWS\system32\yrdbtvmo.ini
2008-03-10 00:56 . 2008-03-09 20:06 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-09 20:05 . 2008-03-10 00:56 <DIR> d-------- C:\Documents and Settings\Brad\.housecall6.6
2008-03-09 19:04 . 2008-03-09 19:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-09 18:16 . 2008-03-09 18:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-03-09 18:14 . 2005-08-26 00:56 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-03-09 18:14 . 2005-08-26 00:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-03-09 18:14 . 2005-08-26 01:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-03-09 17:20 . 2008-03-31 20:19 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-09 16:10 . 2008-03-09 16:10 19,971 --a------ C:\Documents and Settings\All Users\Application Data\exoqozob.bat
2008-03-09 16:10 . 2008-03-09 16:10 19,879 --a------ C:\WINDOWS\yjygafyt.lib
2008-03-09 16:10 . 2008-03-09 16:10 19,250 --a------ C:\WINDOWS\system32\rupyvy.sys
2008-03-09 16:10 . 2008-03-09 16:10 19,201 --a------ C:\WINDOWS\izumu.dll
2008-03-09 16:10 . 2008-03-09 16:10 18,563 --a------ C:\WINDOWS\ixumyz.bat
2008-03-09 16:10 . 2008-03-09 16:10 16,919 --a------ C:\WINDOWS\system32\vure._sy
2008-03-09 16:10 . 2008-03-09 16:10 16,042 --a------ C:\Documents and Settings\Brad\Application Data\emusojyti.reg
2008-03-09 16:10 . 2008-03-09 16:10 15,080 --a------ C:\WINDOWS\ilopuz._sy
2008-03-09 16:10 . 2008-03-09 16:10 13,337 --a------ C:\WINDOWS\sizin.db
2008-03-09 16:10 . 2008-03-09 16:10 13,153 --a------ C:\WINDOWS\lerecyp.inf
2008-03-09 16:10 . 2008-03-09 16:10 12,186 --a------ C:\Documents and Settings\Brad\Application Data\acipowe.bin
2008-03-09 16:10 . 2008-03-09 16:10 11,835 --a------ C:\Documents and Settings\All Users\Application Data\ojunef.reg
2008-03-09 16:10 . 2008-03-09 16:10 10,044 --a------ C:\Program Files\Common Files\etenebadab.scr
2008-03-09 16:05 . 2008-03-09 16:05 58,368 --a------ C:\mhyvfa.exe
2008-03-09 16:05 . 2004-08-04 06:00 4,224 --a------ C:\WINDOWS\system32\dllcache\beep.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-28 18:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-27 03:00 --------- d-----w C:\Documents and Settings\Brad\Application Data\uTorrent
2008-03-24 03:22 --------- d-----w C:\Program Files\Java
2008-03-23 22:26 --------- d-----w C:\Program Files\uTorrent
2008-03-12 16:32 19,935 ----a-w C:\Program Files\Common Files\nyjutega.dl
2008-03-12 16:32 18,856 ----a-w C:\Program Files\Common Files\iranisihij.db
2008-03-11 23:42 --------- d-----w C:\Program Files\iTunes
2008-03-11 23:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-03-11 22:15 --------- d-----w C:\Program Files\Ares
2008-03-11 04:35 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-11 04:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-09 20:10 10,411 ----a-w C:\Program Files\Common Files\abexaleqyp.db
2008-02-28 23:10 13,492 ----a-w C:\Documents and Settings\Brad\Application Data\wklnhst.dat
2008-02-28 03:39 --------- d-----w C:\Program Files\iPod
2008-02-28 03:37 --------- d-----w C:\Program Files\QuickTime
2008-02-17 19:50 --------- d-----w C:\Program Files\AIM6
2008-02-17 19:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-02-15 19:45 --------- d-----w C:\Documents and Settings\Brad\Application Data\CyberLink
2008-02-09 19:53 --------- d-----w C:\Program Files\DivX
2008-02-01 07:52 --------- d-----w C:\Program Files\Activision
2008-02-01 07:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{064A610C-5408-41E3-8852-972F8258F4AF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6199736D-1238-4F6A-A6C4-123149013B03}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F04D3E5-E1EA-4E4D-BD58-D96C79517D25}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73766CFC-EEA4-45AC-871F-93282675B2FB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7DA166E7-4567-470A-AD85-7D36F78FC692}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90b62f39-86ef-4c57-bd4f-18b48915f6f3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A560211A-3DA7-4C78-AAC2-226FA67B0BC8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5628C76-482C-42AA-A33B-6808752C4C6A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC07DD93-4091-4212-AFF4-AF441F1A3D56}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB2BBB81-FE3F-4255-8E96-1E8AD3879FDE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF4BFE71-6B5A-4B31-AAB7-E91D501E070C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F026E557-BFFA-41EF-B8DA-404B2C19125F}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 12:15 50528]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"ieupdate"="C:\WINDOWS\system32\ieupdates.exe" [ ]
"braviax"="C:\WINDOWS\system32\braviax.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-06 03:22 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-06 03:19 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-06 03:23 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\STSYSTRA.EXE]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12 221184]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02 86016]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-07-26 12:13 8466432]
"nwiz"="nwiz.exe" [2007-07-26 12:13 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-07-26 12:13 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"khrgaxru"="C:\WINDOWS\system32\khrgaxru.exe" [2008-03-24 16:54 94208]
"MSDrive"="C:\WINDOWS\system32\drvmod.dll" [2008-03-24 16:54 103936]
"MSDisp32"="C:\WINDOWS\system32\drvvoz.dll" [ ]
"BMc7613a74"="C:\WINDOWS\system32\palrcarm.dll" [ ]
"c45209e8"="C:\WINDOWS\system32\trjgmlwi.dll" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [ ]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [ ]
"braviax"="braviax.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-08-26 00:51:30 156784]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuurpo]
wvuurpo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyaxuu]
xxyaxuu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-03-26 00:11]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2004-11-02 16:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1349adcc-9877-11db-9d60-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-03-21 14:16:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 20:33:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-03-31 20:36:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-01 00:36:00
Pre-Run: 46,252,433,408 bytes free
Post-Run: 46,182,064,128 bytes free
.
2008-03-12 15:14:42 --- E O F ---
B_rad21 is offline  
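The "Reg Loading Points" section of the ComboFix log above is what a helper reads to decide which autostart entries go into a cleanup script: Run values whose target file no longer exists (ComboFix prints an empty `[ ]` where the file's date and size would be), Browser Helper Object CLSIDs with no DLL listed under them, Winlogon Notify packages (the log suppresses the legitimate default ones, so any that appear are non-default), freshly written executables under system32, and the Security Center and firewall values that the infection switched off. The script below is an added example and not part of the thread or of ComboFix; it parses a constructed excerpt of that section, modelled on the log above, and emits the corresponding `Registry::` stanza in the CFScript syntax used later in this thread. The `recent_since` cutoff date is an assumption (the infection window), and the dead-entry heuristic will also catch harmless leftovers from uninstalled products such as the Symantec and BitTorrent values, so the output is a draft for a human to review, not a script to run blind; the Security Center findings are reported only, since the thread's own script does not touch them.

```python
"""Triage of the 'Reg Loading Points' section of a ComboFix log.

Added example, not part of the thread or of ComboFix. Flags dead Run
entries, orphaned BHO CLSIDs, non-default Winlogon Notify packages and
recently dropped system32 autostarts, reports Security Center / firewall
tampering, and emits a matching CFScript 'Registry::' stanza.
"""
import re
from dataclasses import dataclass, field

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="target" [date time size ...]   -- an empty [ ] means the file is gone
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
# "name"=dword:00000001   or   "name"= 0 (0x0)
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?:dword:(?P<hex>[0-9a-fA-F]+)|(?P<dec>\d+))')

RUN_KEYS = {
    "hkey_current_user\\software\\microsoft\\windows\\currentversion\\run",
    "hkey_local_machine\\software\\microsoft\\windows\\currentversion\\run",
}
BHO_PREFIX = "hkey_local_machine\\~\\browser helper objects\\"
NOTIFY_PREFIX = "hkey_local_machine\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\"
SECCENTER_PREFIX = "hkey_local_machine\\software\\microsoft\\security center"
FIREWALL_KEY = "hklm\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile"

# Constructed excerpt modelled on the log in the thread, not the full log.
SAMPLE_LOG = r"""
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{064A610C-5408-41E3-8852-972F8258F4AF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6199736D-1238-4F6A-A6C4-123149013B03}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
"ieupdate"="C:\WINDOWS\system32\ieupdates.exe" [ ]
"braviax"="C:\WINDOWS\system32\braviax.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-06 03:22 94208]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-07-26 12:13 8466432]
"khrgaxru"="C:\WINDOWS\system32\khrgaxru.exe" [2008-03-24 16:54 94208]
"MSDrive"="C:\WINDOWS\system32\drvmod.dll" [2008-03-24 16:54 103936]
"MSDisp32"="C:\WINDOWS\system32\drvvoz.dll" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]
"braviax"="braviax.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuurpo]
wvuurpo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""


@dataclass
class Triage:
    dead_run: list = field(default_factory=list)    # (key, name, target): target file is gone
    recent_run: list = field(default_factory=list)  # (key, name, target, date): new system32 file
    orphan_bho: list = field(default_factory=list)  # BHO CLSID keys with no DLL listed
    notify: list = field(default_factory=list)      # (key, dll): non-default Winlogon Notify package
    tampering: list = field(default_factory=list)   # (key, name, value): protection switched off

    def cfscript_registry(self) -> str:
        """CFScript 'Registry::' stanza: [-key] deletes a key, "name"=- deletes a value."""
        lines = ["Registry::"]
        lines.extend(f"[-{key}]" for key in self.orphan_bho)
        by_key = {}
        for key, name, *_ in self.dead_run + self.recent_run:
            by_key.setdefault(key, []).append(name)
        for key, names in by_key.items():
            lines.append(f"[{key}]")
            lines.extend(f'"{n}"=-' for n in names)
        lines.extend(f"[-{key}]" for key, _ in self.notify)
        return "\n".join(lines) + "\n"


def parse_loading_points(text: str, recent_since: str = "2008-03-01") -> Triage:
    """recent_since is an assumed infection window (ISO date): Run targets under
    system32 whose file date is on or after it are flagged for review."""
    t = Triage()
    key, bho_bodies = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*Note*") or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            if key.lower().startswith(BHO_PREFIX):
                bho_bodies.setdefault(key, 0)   # count the value lines that follow
            continue
        if key is None:
            continue
        lk = key.lower()
        if lk.startswith(BHO_PREFIX):
            bho_bodies[key] += 1
        elif lk.startswith(NOTIFY_PREFIX):
            t.notify.append((key, line))        # the body line names the DLL loaded by winlogon
        elif lk in RUN_KEYS:
            m = RUN_VALUE_RE.match(line)
            if not m:
                continue
            name, target, meta = m.group("name"), m.group("target"), m.group("meta").split()
            if not meta:
                t.dead_run.append((key, name, target))
            elif "\\system32\\" in target.lower() and meta[0] >= recent_since:
                t.recent_run.append((key, name, target, meta[0]))
        elif lk.startswith(SECCENTER_PREFIX) or lk == FIREWALL_KEY:
            m = DWORD_RE.match(line)
            if not m:
                continue
            name = m.group("name")
            value = int(m.group("hex"), 16) if m.group("hex") else int(m.group("dec"))
            if ((name.endswith("DisableNotify") or name == "DisableMonitoring") and value == 1) \
                    or (name == "EnableFirewall" and value == 0):
                t.tampering.append((key, name, value))
    t.orphan_bho = [k for k, n in bho_bodies.items() if n == 0]
    return t


if __name__ == "__main__":
    result = parse_loading_points(SAMPLE_LOG)
    for key, name, value in result.tampering:
        print(f"protection switched off: [{key}] {name}={value}")
    print(result.cfscript_registry())
```

The empty-metadata rule alone reproduces every Run value the thread's helper removed, including the dead Symantec, BitTorrent and Uniblue pointers; the `recent_since` rule is what catches `khrgaxru` and `drvmod.dll`, whose files still exist and would otherwise look like any other autostart. Entries the script does not flag still deserve a look, and the `File::` and `Collect::` decisions (which files to delete and which to submit for analysis) remain a human call.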
Old 03-31-2008, 07:05 PM   #13 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,564
OS: 2000 Pro; XP Pro; XP Home


Re: Problems with SpyAxe

Good job.

Please go to: VirusTotal
  • On the page you'll find a "Browse" button.
  • Next to the browse button you'll see a box to enter text.
  • Please copy/paste the following in BOLD:

    C:\Program Files\Common Files\etenebadab.scr

  • Then click the "Send File " button just below.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.
  • Please repeat for the following files:
    • C:\WINDOWS\system32\vure._sy
    • C:\WINDOWS\system32\rupyvy.sys
    • C:\WINDOWS\system32\dllcache\beep.sys

Also post a new HijackThis log.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 03-31-2008, 07:45 PM   #14 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 68
OS: windows xp home edition version 2002


Re: Problems with SpyAxe

Should I still have my virus software and firewall turned off while I do the VirusTotal website?
B_rad21 is offline  
Old 03-31-2008, 08:04 PM   #15 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,564
OS: 2000 Pro; XP Pro; XP Home


Re: Problems with SpyAxe

Shouldn't be needed. Those should have been re-enabled after a reboot of the machine.
tetonbob is offline  
Old 03-31-2008, 08:14 PM   #16 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 68
OS: windows xp home edition version 2002


Re: Problems with SpyAxe

Is it normal for the VirusTotal website to take a while to load up? I have been uploading C:\Program Files\Common Files\etenebadab.scr for a while now.
B_rad21 is offline  
Old 03-31-2008, 08:17 PM   #17 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,564
OS: 2000 Pro; XP Pro; XP Home


Re: Problems with SpyAxe

Depends on the load the site is having. Are you saying the file is uploading still, or that you're in a queue waiting for a turn at a scan?

Are you on dialup, or broadband?
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 03-31-2008, 08:26 PM   #18 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 68
OS: windows xp home edition version 2002


Re: Problems with SpyAxe

Broadband and it says it is "Sending File"
B_rad21 is offline  
Old 03-31-2008, 08:28 PM   #19 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,564
OS: 2000 Pro; XP Pro; XP Home


Re: Problems with SpyAxe

Let's do this instead. Close that window.

Download ResetTeaTimer.bat by right-clicking on the link, and choosing Save As. Save it to your desktop, or somewhere you can find it easily.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

Disconnect from the internet. Disable your protection applications, including AntiVirus.

Spybot S&D's TeaTimer

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
  • See this link for a tutorial



Open notepad and copy/paste the text in the quotebox below into it:

Quote:
http://www.techsupportforum.com/security-center/hijackthis-log-help/233448-problems-spyaxe.html

File::
C:\Documents and Settings\All Users\Application Data\ojunef.reg
C:\WINDOWS\system32\hbacyxyt.ini
C:\WINDOWS\system32\ekgtnjrg.ini
C:\WINDOWS\system32\qdnlkbjt.ini
C:\WINDOWS\system32\vvjnvstu.ini
C:\WINDOWS\system32\pakfhitn.ini
C:\WINDOWS\system32\fxvfpdks.ini
C:\WINDOWS\system32\niftfsqo.ini
C:\WINDOWS\system32\kvofsafv.ini
C:\WINDOWS\system32\prrevaoe.ini
C:\WINDOWS\system32\iwlmgjrt.ini
C:\WINDOWS\system32\sex2.ico
C:\WINDOWS\system32\sex1.ico
C:\WINDOWS\system32\esut.inf
C:\WINDOWS\inogyfyw.inf
C:\WINDOWS\system32\telrgdcg.ini
C:\WINDOWS\system32\pvkflxdu.ini
C:\WINDOWS\system32\yrdbtvmo.ini
C:\WINDOWS\ixumyz.bat
C:\WINDOWS\lerecyp.inf
C:\Documents and Settings\All Users\Application Data\exoqozob.bat
C:\Documents and Settings\All Users\Application Data\sorosad.bat


Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{064A610C-5408-41E3-8852-972F8258F4AF}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6199736D-1238-4F6A-A6C4-123149013B03}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F04D3E5-E1EA-4E4D-BD58-D96C79517D25}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73766CFC-EEA4-45AC-871F-93282675B2FB}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7DA166E7-4567-470A-AD85-7D36F78FC692}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90b62f39-86ef-4c57-bd4f-18b48915f6f3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A560211A-3DA7-4C78-AAC2-226FA67B0BC8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5628C76-482C-42AA-A33B-6808752C4C6A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC07DD93-4091-4212-AFF4-AF441F1A3D56}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB2BBB81-FE3F-4255-8E96-1E8AD3879FDE}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF4BFE71-6B5A-4B31-AAB7-E91D501E070C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F026E557-BFFA-41EF-B8DA-404B2C19125F}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"=-
"Uniblue RegistryBooster 2"=-
"ieupdate"=-
"braviax"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"khrgaxru"=-
"MSDrive"=-
"MSDisp32"=-
"BMc7613a74"=-
"c45209e8"=-
"braviax"=-
"ccApp"=-
"osCheck"=-
"Symantec PIF AlertEng"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuurpo]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyaxuu]

Collect::
C:\WINDOWS\system32\ikhcore.cfg
C:\WINDOWS\system32\rxrjdzpt.dll
C:\WINDOWS\system32\drvmod.dll
C:\WINDOWS\system32\khrgaxru.exe
C:\WINDOWS\xela.db
C:\Documents and Settings\All Users\Application Data\likotenoke.sys
C:\Documents and Settings\All Users\Application Data\amacago.vbs
C:\WINDOWS\system32\edobymix.ban
C:\WINDOWS\yjygafyt.lib
C:\WINDOWS\system32\rupyvy.sys
C:\WINDOWS\izumu.dll
C:\WINDOWS\system32\vure._sy
C:\Documents and Settings\Brad\Application Data\emusojyti.reg
C:\WINDOWS\ilopuz._sy
C:\WINDOWS\sizin.db
C:\Documents and Settings\Brad\Application Data\acipowe.bin
C:\Program Files\Common Files\etenebadab.scr
C:\mhyvfa.exe
C:\Program Files\Common Files\nyjutega.dl
C:\Program Files\Common Files\iranisihij.db
C:\Program Files\Common Files\abexaleqyp.db


Save this as CFScript.txt




Referring to the picture above, drag CFScript.txt into ComboFix.exe.

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window while it's running; that may cause it to stall.


When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Make sure your protections are re-enabled. A reboot should have done this.

Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Last edited by tetonbob; 03-31-2008 at 08:30 PM.
tetonbob is offline  
Old 03-31-2008, 10:35 PM   #20 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 68
OS: windows xp home edition version 2002


Re: Problems with SpyAxe

Do I disconnect from the internet and disable my virus software first, then run TeaTimer, or just go in the order that you gave me?
B_rad21 is offline  
Copyright 2001 - 2009, Tech Support Forum